A remote attacker could gain access to the device, allowing
him or her to cause a denial of service, change the configuration,
install malicious firmware, or gain unauthorized access to
the internal network.
Routers and other networking devices often contain administrative
interfaces to allow the network administrator to make configuration
changes or diagnose problems remotely. The Telnet, FTP,
and HTTP protocols are commonly used to
provide such interfaces. It is usually necessary to provide
a password in order to access the device.
Some devices are shipped with known default passwords.
If these devices are installed in an operational environment
with the default passwords still in place, they provide a
remote attacker with an easy way to gain access to the device.
Once access has been gained, the attacker could create a
denial of service, make unauthorized configuration changes,
install malicious firmware, or route packets to machines
on the internal network which would otherwise be blocked
by the router.
Related CVE entries:
CVE 2001-1543 Axis network camera
CVE 2002-1229 Avaya Cajun switches
CVE 2002-1440 Gateway GS-400
CVE 2002-2020 NetGear Cable/DSL router
CVE 2004-1320 Asante FM2008
CVE 2004-1321 Asante FM2008
CVE 2004-1791 Edimax WAP
CVE 2004-1920 X-Micro WLAN Routers
CVE 2004-2556 NetGear WG602
CVE 2004-2557 NetGear WG602 additional
CVE 2005-0865 Samsung ADSL modem
CVE 2005-2026 Vertical Horizon switch
CVE 2005-3717 UTStarcom VoIP WIFI Phone
CVE 2009-0620 Cisco ACE
CVE 2009-0621 Cisco ACE
Walter Belgers' paper, [http://www.belgers.com/write/pwseceng.txt]
UNIX password security, is a good reference on strengthening passwords.
Although it focuses on UNIX, the password guidelines presented
in this paper are applicable to all devices.
Specific information is available for
[http://www.securityfocus.com/archive/1/203022] ZyXEL Prestige routers,
[http://archives.neohapsis.com/archives/bugtraq/2002-08/0126.html] Gateway GS-400,
[http://online.securityfocus.com/archive/1/295256] Avaya switches,
[http://www.securityfocus.com/archive/1/360049] X-Micro WLAN routers,
[http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0049.html] NetGear WG602 Accesspoint,
[http://slashdot.org/it/04/06/08/1319206.shtml?tid=126&tid=172] NetGear WG602 Accesspoint change,
[http://www.securityfocus.com/archive/1/365685] Edimax WAP,
[http://www.securityfocus.com/archive/1/371575] NetGear DG834G,
[http://archives.neohapsis.com/archives/bugtraq/2004-09/0033.html] Dynalink RTA 230,
[http://www.securityfocus.com/archive/1/384493] Asante FM2008 switch,
[http://www.securityfocus.com/archive/1/403029] Vertical Horizon switch,
[http://secunia.com/advisories/17629] UTStarcom VoIP WIFI Phone,
[http://www.securityfocus.com/bid/33900] Cisco ACE, and
[http://www.securityfocus.com/archive/1/507263] 3Com OfficeConnect.
Change the password to something other than the default.
A recommended password would be one which is at least
eight characters long, contains both letters and numbers,
and is not based on any associated information such as
account names, user's names, or DNS names.
If the password cannot be changed, contact your vendor for
a firmware fix, or block access to all affected services
at the network perimeter.
NOTE: In some cases, notably the Gateway GS-400 server
vulnerability, changing the password may void the
Low Attack Complexity, Partial Confidentiality Impact, Partial Integrity Impact, Complete Availability Impact